Is Your Business Compliant with 2024 Data Privacy Laws?
Change can be daunting, especially when it comes to business operations. As a business owner, you’re probably familiar with the need to stay updated on changes that can help your company grow and stay stable. But when changes are mandated by law, it can be even more challenging to adapt. Data privacy laws might seem like extra work, but they’re designed to protect everyone. The real culprits are those who misuse or steal personal data. By embracing and adhering to current data privacy laws, you not only protect your customers but also strengthen their trust in your business. Staying legally compliant is crucial for your business’s success.
Federal Laws
The journey of data privacy laws in the United States began with the Privacy Act of 1974. This act was introduced to prevent the wrongful disclosure of consumer information. Initially, it served as a simple guideline for businesses to understand the importance of protecting personal information. As technology and crimes evolved, so did the laws, leading to the introduction of several significant federal laws over the years:
- 1996: The Health Insurance Portability and Accountability Act (HIPAA) established standards for healthcare providers on the use of patients’ personal health data.
- 1998: The Gramm-Leach-Bliley Act (GLBA) focused on data privacy for financial institutions. Additionally, the Children’s Online Privacy Protection Act (COPPA) limited data usage for children under 13.
- 2002: The Sarbanes-Oxley Act aimed to protect investors from fraudulent financial reporting by corporations.
- 2003: The Fair and Accurate Credit Transactions Act (FACTA) required creditors and reporting agencies to protect consumers’ identifying information and provided consumers with access to free credit reports.
State Laws
1. The Oregon Consumer Data Privacy Act (OCDPA)
Effective July 1, 2024 (and in 2025 for charitable organizations), the OCDPA is one of 16 comprehensive state data privacy laws. It gives consumers control over their personal data and how businesses use it. Key rights include:
- Right to Access: Consumers can request a copy of the personal information collected by businesses.
- Right to Correct: Consumers can ask businesses to correct inaccuracies in their personal information.
- Right to Delete: Consumers can ask businesses to delete their personal information.
- Right to Opt Out: Consumers can prevent businesses from selling their personal information to third parties.
- Right to Request: Consumers can request a list of third parties with whom their personal data has been shared.
2. Amendments
Starting January 1, 2026, Oregon residents will have enhanced protection, making it easier to opt out of data collection and sales. They can use a universal opt-out mechanism (UOOM) to prevent websites from collecting new personal data. The Global Privacy Control (GPC) is currently the most recognized version of this mechanism. If your business has a website, updating it to honor GPC preferences is essential to comply with the OCDPA.
3. My Health, My Data Act (MHMDA)
Washington State pioneered a comprehensive health data privacy law with the My Health, My Data Act in 2023. The Washington Privacy Act (WPA) is still pending but aims to provide similar consumer rights regarding data access, portability, correction, deletion, and restriction.
4. Data Brokers – 2024
In 2023, Oregon House Bill 2052 was passed to limit how data brokers use personal information. Data brokers who collect and sell personal or professional information to third parties must register with the Department of Consumer and Business Services. This law addresses concerns such as the misuse of data for discrimination and targeting vulnerable populations. Non-compliance can result in fines or operational bans.
Protection to the End
Data privacy laws cover the entire lifecycle of personal information, from collection to destruction. Once information is no longer needed or legally required to be kept, it must be destroyed securely to prevent unauthorized access. Even if your business follows all protocols for handling data, proper destruction is crucial. Shredding is one of the most effective and economical methods for ensuring information is irretrievable. Partnering with a professional shredding company can ensure compliance with data privacy laws.
DataSafe offers secure destruction of all personal data, including paper, electronic media, and branded products, in accordance with current data privacy laws. To stay compliant, contact us at 503-620-3423 or complete the form on this page.